
Win32 Dialers


18 replies to this topic

#1 fuel_t4nk


Posted 03 October 2006 - 06:08 PM

Logfile of HijackThis v1.99.1
Scan saved at 23:43:08, on 03/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\blueyonder\PCguard\fws.exe
C:\Program Files\WatchGuard\Mobile User VPN\IreIKE.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\WatchGuard\Mobile User VPN\IPSecMon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\D-Tools\daemon.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\blueyonder\PCguard advisor\PCguardadvisor.exe
C:\Program Files\blueyonder\PCguard\Rps.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\WatchGuard\Mobile User VPN\SafeCfg.exe
C:\Program Files\PerSono\perstray.exe
C:\Documents and Settings\Paul\Start Menu\Programs\Startup\SoF2mp_min.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {278B661A-14A8-D8B0-6AF4-03088B866149} - C:\WINDOWS\system32\unaoakg.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\blueyonder\PCguard\pkR.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\blueyonder\PCguard\FBHR.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {a43385f0-7113-496d-96d7-b9b550e3fcca} - C:\WINDOWS\system32\ixt0.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [PCguardadvisor.exe] "C:\Program Files\blueyonder\PCguard advisor\PCguardadvisor.exe"
O4 - HKLM\..\Run: [PCguard] "C:\Program Files\blueyonder\PCguard\Rps.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: SoF2mp_min.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Mobile User VPN.lnk = C:\Program Files\WatchGuard\Mobile User VPN\SafeCfg.exe
O4 - Global Startup: Perstray.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat....cab?1141384592140
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat....cab?1141384580765
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) - http://threats.freedom.net/viruscenter/onl...cabs/cssweb.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winosz32 - C:\WINDOWS\SYSTEM32\winosz32.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SafeNet Monitor Service (IPSECMON) - SafeNet - C:\Program Files\WatchGuard\Mobile User VPN\IPSecMon.exe
O23 - Service: SafeNet IKE Service (IREIKE) - SafeNet - C:\Program Files\WatchGuard\Mobile User VPN\IreIKE.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: PCguard Firewall (RP_FWS) - Radialpoint Inc. - C:\Program Files\blueyonder\PCguard\fws.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe


Thanks in advance :thumbsup:



#2 Guest_Cretemonster_*


Posted 04 October 2006 - 08:06 PM

Hi fuel_t4nk and Welcome to the Bleeping Computer!


Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

#3 fuel_t4nk


Posted 05 October 2006 - 01:01 PM

Hi Cretemonster
Thanks for the response, :thumbsup:
below is the smitfraudfix txt file.

SmitFraudFix v2.94

Scan done at 18:50:36.89, 05/10/2006
Run from C:\Documents and Settings\Paul\Desktop\Smitfix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode

C:\


C:\WINDOWS


C:\WINDOWS\system


C:\WINDOWS\Web


C:\WINDOWS\system32


C:\Documents and Settings\Paul\Application Data


Start Menu


C:\DOCUME~1\Paul\FAVORI~1


Desktop


C:\Program Files


Corrupted keys


Desktop Components



Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


pe386-msguard


Scanning wininet.dll infection


End

#4 Guest_Cretemonster_*


Posted 05 October 2006 - 03:46 PM

OK, looks like Smitfraud has been taken care of already.

Let's go after the rest of the garbage.


Please download Combofix to your desktop.
http://download.bleepingcomputer.com/sUBs/combofix.exe

Double-click combo.exe to launch the application.

Follow the prompts that will be displayed on the screen.

Don't click on the window while the fix is running, because that will cause your system to hang.

When finished, it should produce a log, combofix.txt

Please post that log in the next reply.

#5 fuel_t4nk


Posted 05 October 2006 - 04:40 PM

The 2 dialers that show up all the time are:

W32/Dialer.gen!EEH

W32/Dialer.CYW

if this helps :thumbsup:


Paul - 06-10-05 22:31:59.42 Service Pack 2
ComboFix 06.09.28 - Running from: "C:\Documents and Settings\Paul\Desktop\My Downloads"

((((((((((((((((((((((((((((((( Files Created from 2006-09-05 to 2006-10-05 ))))))))))))))))))))))))))))))))))


2006-09-20 01:35 8,704 --a------ C:\WINDOWS\system32\SpOrder.dll
2006-09-19 20:25 94,208 --a------ C:\WINDOWS\system32\uhvjsul.dll
2006-09-19 20:25 72,704 --a------ C:\WINDOWS\system32\unaoakg.dll
2006-09-19 20:25 15,872 --a------ C:\WINDOWS\system32\winosz32.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-10-05 22:24 -------- d-------- C:\Program Files\Common Files
2006-10-05 18:35 -------- d-------- C:\Program Files\ewido anti-spyware 4.0
2006-10-05 18:35 -------- d-------- C:\Program Files\Common Files\Command Software
2006-10-03 23:43 -------- d-------- C:\Program Files\Hijackthis
2006-10-03 22:13 -------- d-------- C:\Program Files\Common Files\PestPatrol
2006-10-03 21:33 -------- d---s---- C:\Documents and Settings\Paul\Application Data\Microsoft
2006-10-03 21:32 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-10-03 21:31 -------- d-------- C:\Program Files\MSN Messenger
2006-09-21 20:19 -------- d-------- C:\Program Files\Windows Defender
2006-09-21 20:13 -------- d-------- C:\Program Files\QuickTime
2006-09-21 20:13 -------- d-------- C:\Program Files\PerSono
2006-09-21 20:12 -------- d-------- C:\Program Files\Motorola Phone Tools
2006-09-21 20:08 -------- d-------- C:\Program Files\Internet Explorer
2006-09-21 20:05 -------- d-------- C:\Program Files\Google
2006-09-20 01:35 -------- d-------- C:\Program Files\Common Files\WinAntiVirus Pro 2006
2006-09-20 01:35 -------- d-------- C:\Documents and Settings\Paul\Application Data\WinAntiVirus Pro 2006
2006-09-19 22:38 -------- d-------- C:\Program Files\CA
2006-09-19 22:30 -------- d-------- C:\Documents and Settings\Paul\Application Data\blueyonder
2006-09-19 21:55 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-09-19 21:52 -------- d-------- C:\Program Files\blueyonder
2006-09-19 21:48 -------- d-------- C:\Documents and Settings\Paul\Application Data\Telewest
2006-09-19 21:42 -------- d-------- C:\Program Files\Lavasoft
2006-09-19 21:42 -------- d-------- C:\Documents and Settings\Paul\Application Data\Lavasoft
2006-09-19 20:45 -------- d-------- C:\Program Files\IncaQuest_at
2006-09-19 20:44 -------- d-------- C:\Program Files\Plantasia_at
2006-09-19 20:44 -------- d-------- C:\Program Files\NetMeter
2006-09-19 20:43 -------- d-------- C:\Program Files\SnowyTreasureHunter2_at
2006-09-19 20:42 -------- d-------- C:\Program Files\Yahoo!
2006-09-05 20:19 -------- d-------- C:\Documents and Settings\Paul\Application Data\teamspeak2
2006-08-29 19:24 -------- d-------- C:\Program Files\mIRC
2006-08-23 18:47 -------- d-------- C:\Program Files\Microsoft Games
2006-08-21 13:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 10:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-21 10:14 128896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys
2006-08-21 00:16 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2006-08-21 00:14 -------- d-------- C:\Program Files\GameSpy Arcade
2006-08-21 00:06 -------- d-------- C:\Program Files\Sierra
2006-08-20 15:09 -------- d-------- C:\Program Files\Java
2006-08-13 20:39 -------- d-------- C:\Program Files\By The Sword Software
2006-08-13 20:34 -------- d-------- C:\Program Files\Registrar Lite
2006-08-13 20:30 -------- d-------- C:\Program Files\Codebox
2006-08-11 22:32 -------- d-------- C:\Documents and Settings\Paul\Application Data\AdobeUM
2006-08-10 19:43 -------- d-------- C:\Program Files\Eidos
2006-08-07 08:50 -------- d-------- C:\Documents and Settings\Paul\Application Data\yoclient
2006-07-29 19:32 48936 --a------ C:\WINDOWS\system32\sirenacm.dll
2006-07-27 14:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-21 09:24 72704 --a------ C:\WINDOWS\system32\hlink.dll
2006-07-07 17:57 5741 --a------ C:\Documents and Settings\Paul\Application Data\GdiplusUpgrade_MSIApproach_Wrapper.log
2006-07-05 21:45 8 --a------ C:\Documents and Settings\Paul\Application Data\NMM-MetaData.db


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"SpybotSD TeaTimer"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime -Delay"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"RTHDCPL"="RTHDCPL.EXE"
"Alcmtr"="ALCMTR.EXE"
"DXDllRegExe"="dxdllreg.exe"
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"DAEMON Tools-1033"="\"C:\\Program Files\\D-Tools\\daemon.exe\" -lang 1033"
"dvd43"=""
"PCSuiteTrayApplication"="C:\\PROGRA~1\\Nokia\\NOKIAP~1\\LAUNCH~1.EXE -startup"
"PCguardadvisor.exe"="\"C:\\Program Files\\blueyonder\\PCguard advisor\\PCguardadvisor.exe\""
"PCguard"="\"C:\\Program Files\\blueyonder\\PCguard\\Rps.exe\""
"!ewido"="\"C:\\Program Files\\ewido anti-spyware 4.0\\ewido.exe\" /minimized"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000004

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\HP Digital Imaging Monitor.lnk"
"backup"="C:\\WINDOWS\\pss\\HP Digital Imaging Monitor.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\HP\\DIGITA~1\\bin\\hpqtra08.exe "
"item"="HP Digital Imaging Monitor"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Google Desktop Search]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GoogleDesktop"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\HP Component Manager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hpcmpmgr"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\HP Software Update]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HPWuSchd2"
"hkey"="HKLM"
"command"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\PcSync]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PcSync2"
"hkey"="HKCU"
"command"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\PcSync2.exe /NoDialog"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Java\\jre1.5.0_08\\bin\\jusched.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\uhvjsul.dll]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="uhvjsul"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\rundll32.exe C:\\WINDOWS\\system32\\uhvjsul.dll,mrpmvyf"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Windows Defender]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MSASCui"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"inimapping"="0"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winosz32

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\MP Scheduled Scan.job

Completion time: 05/10/2006 22:32:24.39
ComboFix.txt
ComboFix2.txt
ComboFix3.txt

#6 Guest_Cretemonster_*


Posted 05 October 2006 - 04:53 PM

Restart in Safe Mode and move combofix.exe to your primary C:\ drive.

It must be there in order for the next step to work.

Click Start--> Click Run--> Copy&Paste the bold text below into the open Run box and click OK.

%systemdrive%\combofix.exe /v uhvjsul unaoakg winosz32


Let combofix do its thing and save the resulting log.


Restart normal and post the new ComboFix log.

After posting that, please run the F-Secure Online Scanner

Note: This Scanner is for Internet Explorer Only!
  • Follow the instructions on the F-Secure page for proper installation.
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan
  • Once the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and Copy&Paste the entire report in your next reply.


#7 fuel_t4nk


Posted 06 October 2006 - 10:48 AM

Thanks Cretemonster

I'm away until late Sunday but will do them when I return.

#8 fuel_t4nk


Posted 09 October 2006 - 02:03 PM

Paul - 06-10-09 19:53:45.26 Service Pack 2
ComboFix 06.09.28 - Running from: "C:\"
Command switches used :: /v uhvjsul unaoakg winosz32

((((((((((((((((((((((((((((((( Files Created from 2006-09-09 to 2006-10-09 ))))))))))))))))))))))))))))))))))


2006-10-09 19:39 276,526 --a------ C:\combofix.exe
2006-10-08 21:41 25,600 --a------ C:\WINDOWS\system32\jesterss.dll
2006-10-08 21:41 1,377,399 C:\WINDOWS\system32Windy Miller.scr
2006-09-20 01:35 8,704 --a------ C:\WINDOWS\system32\SpOrder.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-10-09 19:30 -------- d-------- C:\Program Files\ewido anti-spyware 4.0
2006-10-08 21:41 -------- d-------- C:\Program Files\Windy Miller
2006-10-08 18:41 -------- d-------- C:\Program Files\Common Files\Command Software
2006-10-05 22:24 -------- d-------- C:\Program Files\Common Files
2006-10-03 23:43 -------- d-------- C:\Program Files\Hijackthis
2006-10-03 22:13 -------- d-------- C:\Program Files\Common Files\PestPatrol
2006-10-03 21:33 -------- d---s---- C:\Documents and Settings\Paul\Application Data\Microsoft
2006-10-03 21:32 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-10-03 21:31 -------- d-------- C:\Program Files\MSN Messenger
2006-09-21 20:19 -------- d-------- C:\Program Files\Windows Defender
2006-09-21 20:13 -------- d-------- C:\Program Files\QuickTime
2006-09-21 20:13 -------- d-------- C:\Program Files\PerSono
2006-09-21 20:12 -------- d-------- C:\Program Files\Motorola Phone Tools
2006-09-21 20:08 -------- d-------- C:\Program Files\Internet Explorer
2006-09-21 20:05 -------- d-------- C:\Program Files\Google
2006-09-20 01:35 -------- d-------- C:\Program Files\Common Files\WinAntiVirus Pro 2006
2006-09-20 01:35 -------- d-------- C:\Documents and Settings\Paul\Application Data\WinAntiVirus Pro 2006
2006-09-19 22:38 -------- d-------- C:\Program Files\CA
2006-09-19 22:30 -------- d-------- C:\Documents and Settings\Paul\Application Data\blueyonder
2006-09-19 21:55 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-09-19 21:52 -------- d-------- C:\Program Files\blueyonder
2006-09-19 21:48 -------- d-------- C:\Documents and Settings\Paul\Application Data\Telewest
2006-09-19 21:42 -------- d-------- C:\Program Files\Lavasoft
2006-09-19 21:42 -------- d-------- C:\Documents and Settings\Paul\Application Data\Lavasoft
2006-09-19 20:45 -------- d-------- C:\Program Files\IncaQuest_at
2006-09-19 20:44 -------- d-------- C:\Program Files\Plantasia_at
2006-09-19 20:44 -------- d-------- C:\Program Files\NetMeter
2006-09-19 20:43 -------- d-------- C:\Program Files\SnowyTreasureHunter2_at
2006-09-19 20:42 -------- d-------- C:\Program Files\Yahoo!
2006-09-05 20:19 -------- d-------- C:\Documents and Settings\Paul\Application Data\teamspeak2
2006-08-29 19:24 -------- d-------- C:\Program Files\mIRC
2006-08-23 18:47 -------- d-------- C:\Program Files\Microsoft Games
2006-08-21 13:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 10:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-21 10:14 128896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys
2006-08-21 00:16 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2006-08-21 00:14 -------- d-------- C:\Program Files\GameSpy Arcade
2006-08-21 00:06 -------- d-------- C:\Program Files\Sierra
2006-08-20 15:09 -------- d-------- C:\Program Files\Java
2006-08-13 20:39 -------- d-------- C:\Program Files\By The Sword Software
2006-08-13 20:34 -------- d-------- C:\Program Files\Registrar Lite
2006-08-13 20:30 -------- d-------- C:\Program Files\Codebox
2006-08-11 22:32 -------- d-------- C:\Documents and Settings\Paul\Application Data\AdobeUM
2006-08-10 19:43 -------- d-------- C:\Program Files\Eidos
2006-07-29 19:32 48936 --a------ C:\WINDOWS\system32\sirenacm.dll
2006-07-27 14:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-21 09:24 72704 --a------ C:\WINDOWS\system32\hlink.dll
2006-07-07 17:57 5741 --a------ C:\Documents and Settings\Paul\Application Data\GdiplusUpgrade_MSIApproach_Wrapper.log
2006-07-05 21:45 8 --a------ C:\Documents and Settings\Paul\Application Data\NMM-MetaData.db


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"SpybotSD TeaTimer"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime -Delay"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"RTHDCPL"="RTHDCPL.EXE"
"Alcmtr"="ALCMTR.EXE"
"DXDllRegExe"="dxdllreg.exe"
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"DAEMON Tools-1033"="\"C:\\Program Files\\D-Tools\\daemon.exe\" -lang 1033"
"dvd43"=""
"PCSuiteTrayApplication"="C:\\PROGRA~1\\Nokia\\NOKIAP~1\\LAUNCH~1.EXE -startup"
"PCguardadvisor.exe"="\"C:\\Program Files\\blueyonder\\PCguard advisor\\PCguardadvisor.exe\""
"PCguard"="\"C:\\Program Files\\blueyonder\\PCguard\\Rps.exe\""
"!ewido"="\"C:\\Program Files\\ewido anti-spyware 4.0\\ewido.exe\" /minimized"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000004

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\HP Digital Imaging Monitor.lnk"
"backup"="C:\\WINDOWS\\pss\\HP Digital Imaging Monitor.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\HP\\DIGITA~1\\bin\\hpqtra08.exe "
"item"="HP Digital Imaging Monitor"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Google Desktop Search]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GoogleDesktop"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\HP Component Manager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hpcmpmgr"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\HP Software Update]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HPWuSchd2"
"hkey"="HKLM"
"command"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\PcSync]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PcSync2"
"hkey"="HKCU"
"command"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\PcSync2.exe /NoDialog"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Java\\jre1.5.0_08\\bin\\jusched.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\uhvjsul.dll]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="uhvjsul"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\rundll32.exe C:\\WINDOWS\\system32\\uhvjsul.dll,mrpmvyf"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Windows Defender]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MSASCui"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"inimapping"="0"


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\MP Scheduled Scan.job

Completion time: 09/10/2006 19:54:49.60
ComboFix.txt
ComboFix2.txt
ComboFix3.txt

#9 Guest_Cretemonster_*


Posted 09 October 2006 - 02:19 PM

Copy the text in the Code Box to notepad and save it to the Desktop with the name fix.reg


REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\uhvjsul.dll]


Double Click fix.reg and allow it to merge into the registry.


Post the F-Secure results when the scan finishes.

#10 fuel_t4nk


Posted 09 October 2006 - 02:28 PM

Just waiting for F-Secure now :thumbsup:

#11 fuel_t4nk


Posted 09 October 2006 - 03:08 PM

Scanning Report
Monday, October 09, 2006 20:06:17 - 21:04:32
Computer name: PC01
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\


--------------------------------------------------------------------------------

Result: 3 malware found
DriveCleaner (spyware)
System (Disinfected)
Possible Browser Hijack attempt (spyware)
System (Disinfected)
Trojan-Spy.Win32.Agent.l (virus)
C:\DOCUMENTS AND SETTINGS\PAUL\DESKTOP\FOLDERS\KA\KANEEZ AKTHAR\APPLICATION DATA\SYSUPD.EXE (Renamed & Submitted)

--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 43029
System: 6053
Not scanned: 11
Actions:
Disinfected: 2
Renamed: 1
Deleted: 0
None: 0
Submitted: 1
Files not scanned:
C:\PAGEFILE.SYS
C:\WINDOWS\SYSTEM32\DRIVERS\SPTD.SYS
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\46AD6C8936FECF0FBAD07CB2C6A3F93A_1E0780F0-BA9E-457B-BA9F-D0107CD04438
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\5E0589343E0805AAB238651C98B25125_1E0780F0-BA9E-457B-BA9F-D0107CD04438
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\60F67554E052F98F940752DBDADF90ED_1E0780F0-BA9E-457B-BA9F-D0107CD04438
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\87B432EFC7F8AE258F41EAD8D55D8912_1E0780F0-BA9E-457B-BA9F-D0107CD04438
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8A98E122327D92F0147FD0AF5890D727_1E0780F0-BA9E-457B-BA9F-D0107CD04438
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A36A5CC953C489180D86E6F54A2CBD8A_1E0780F0-BA9E-457B-BA9F-D0107CD04438
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\EB1A15504140527D6A7F30BAEA50BDC7_1E0780F0-BA9E-457B-BA9F-D0107CD04438
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\ED1F82C1FF18D279B9DC1239ED6DC1FF_1E0780F0-BA9E-457B-BA9F-D0107CD04438

--------------------------------------------------------------------------------

Options
Scanning engines:
F-Secure AVP: 6.0.171, 2006-10-09
F-Secure Libra: 2.4.1, 2006-10-06
F-Secure Orion: 1.2.37, 2006-10-09
F-Secure Blacklight: 1.0.31, 0000-00-00
F-Secure Pegasus: 1.19.0, 2006-08-29
F-Secure Draco: 1.0.35, 0259-24-212
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX
Use Advanced heuristics


#12 Guest_Cretemonster_*


Posted 09 October 2006 - 05:03 PM

Look in Add\Remove Programs and see if WinAntiVirus Pro 2006 is listed?


The file F-Secure renamed should now look like this:

C:\DOCUMENTS AND SETTINGS\PAUL\DESKTOP\FOLDERS\KA\KANEEZ AKTHAR\APPLICATION DATA\SYSUPD.0XE

Please locate and delete that file.


Open Internet Explorer,
Select Tools,
Select Internet Options,
Select Delete Cookies and Delete Files (Check the box for Delete all offline content)


Nice Temp file cleaner to have around for regular use.


Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.



Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
  • Post the contents of the ActiveScan report along with a fresh HijackThis log.


#13 fuel_t4nk


Posted 10 October 2006 - 02:25 AM

Nothing found by Panda but 2 trj found by Avast :thumbsup:

Logfile of HijackThis v1.99.1
Scan saved at 08:21:40, on 10/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\blueyonder\PCguard\fws.exe
C:\Program Files\WatchGuard\Mobile User VPN\IreIKE.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\WatchGuard\Mobile User VPN\IPSecMon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\D-Tools\daemon.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\blueyonder\PCguard advisor\PCguardadvisor.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WatchGuard\Mobile User VPN\SafeCfg.exe
C:\Program Files\PerSono\perstray.exe
C:\Documents and Settings\Paul\Start Menu\Programs\Startup\SoF2mp_min.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\blueyonder\PCguard\pkR.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\blueyonder\PCguard\FBHR.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {a43385f0-7113-496d-96d7-b9b550e3fcca} - C:\WINDOWS\system32\ixt0.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [PCguardadvisor.exe] "C:\Program Files\blueyonder\PCguard advisor\PCguardadvisor.exe"
O4 - HKLM\..\Run: [PCguard] "C:\Program Files\blueyonder\PCguard\Rps.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: SoF2mp_min.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Mobile User VPN.lnk = C:\Program Files\WatchGuard\Mobile User VPN\SafeCfg.exe
O4 - Global Startup: Perstray.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1141384592140
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1141384580765
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols3/fscax.cab
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) - http://threats.freedom.net/viruscenter/onl...cabs/cssweb.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SafeNet Monitor Service (IPSECMON) - SafeNet - C:\Program Files\WatchGuard\Mobile User VPN\IPSecMon.exe
O23 - Service: SafeNet IKE Service (IREIKE) - SafeNet - C:\Program Files\WatchGuard\Mobile User VPN\IreIKE.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: PCguard Firewall (RP_FWS) - Radialpoint Inc. - C:\Program Files\blueyonder\PCguard\fws.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

#14 Guest_Cretemonster_*


Posted 10 October 2006 - 03:40 AM

I take it you mean files Avast already quarantined?


Open HijackThis-> Click "Do a System Scan Only" and put a check by these but DO NOT hit the Fix Checked button yet

O2 - BHO: (no name) - {a43385f0-7113-496d-96d7-b9b550e3fcca} - C:\WINDOWS\system32\ixt0.dll (file missing)

Now Make sure ALL WINDOWS and BROWSERS are CLOSED and hit the Fix Checked Button


Please Install these 2 to add to the Security of the PC

SpywareBlaster:
http://www.javacoolsoftware.com/downloads.html
Update Immediately!

WinHelp2002 Hosts File
http://www.mvps.org/winhelp2002/hosts2.htm


Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


#15 fuel_t4nk


Posted 10 October 2006 - 01:02 PM

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, October 10, 2006 6:54:37 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 10/10/2006
Kaspersky Anti-Virus database records: 230333
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 94348
Number of viruses found: 7
Number of infected objects: 169 / 0
Number of suspicious objects: 0
Duration of the scan process: 01:41:37

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\blueyonder\PCguard\logs\FirewallService10-10-2006--15-44-39.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\46ad6c8936fecf0fbad07cb2c6a3f93a_1e0780f0-ba9e-457b-ba9f-d0107cd04438 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5e0589343e0805aab238651c98b25125_1e0780f0-ba9e-457b-ba9f-d0107cd04438 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\60f67554e052f98f940752dbdadf90ed_1e0780f0-ba9e-457b-ba9f-d0107cd04438 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\87b432efc7f8ae258f41ead8d55d8912_1e0780f0-ba9e-457b-ba9f-d0107cd04438 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8a98e122327d92f0147fd0af5890d727_1e0780f0-ba9e-457b-ba9f-d0107cd04438 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a36a5cc953c489180d86e6f54a2cbd8a_1e0780f0-ba9e-457b-ba9f-d0107cd04438 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\eb1a15504140527d6a7f30baea50bdc7_1e0780f0-ba9e-457b-ba9f-d0107cd04438 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ed1f82c1ff18d279b9dc1239ed6dc1ff_1e0780f0-ba9e-457b-ba9f-d0107cd04438 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\WDLog-05092006-215442.log Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Paul\Application Data\Telewest\PCguard advisor\client_gateway.log Object is locked skipped
C:\Documents and Settings\Paul\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Paul\Desktop\My Downloads\mirc62.exe/stream/data0006 Infected: not-a-virus:Client-IRC.Win32.mIRC.62 skipped
C:\Documents and Settings\Paul\Desktop\My Downloads\mirc62.exe/stream Infected: not-a-virus:Client-IRC.Win32.mIRC.62 skipped
C:\Documents and Settings\Paul\Desktop\My Downloads\mirc62.exe NSIS: infected - 2 skipped
C:\Documents and Settings\Paul\Desktop\My Downloads\SmitfraudFix.zip/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Paul\Desktop\My Downloads\SmitfraudFix.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Paul\Desktop\Smitfix\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Paul\Desktop\SmitfraudFix.zip/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Paul\Desktop\SmitfraudFix.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Paul\Local Settings\Application Data\ApplicationHistory\cli.exe.c88dbd71.ini.inuse Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temp\Perflib_Perfdata_7c0.dat Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temp\Perflib_Perfdata_810.dat Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temp\Perflib_Perfdata_e14.dat Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temp\~DF893D.tmp Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Paul\My Documents\Smit\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Paul\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Paul\NtUser.dat.LOG Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\report\Resident protection.txt Object is locked skipped
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.62 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0037902.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0037903.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0037904.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0037905.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0037906.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0037907.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0037908.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0037909.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0037910.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0037911.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0037912.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0037913.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0037914.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0037915.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0037916.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0037917.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0037918.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0037919.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0037920.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0037921.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0037922.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0037923.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0037924.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0037925.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0037926.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0037927.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0037928.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0037929.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0037930.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0037931.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0037932.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0037933.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0037934.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0037935.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0037936.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0037937.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0037938.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0037939.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0037940.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0037941.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0037942.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0037943.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0037944.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0037945.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0037946.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0037947.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0037948.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0037949.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0037950.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0037951.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0037952.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0037953.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0037954.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0037955.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0037956.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0037957.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0037958.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0037959.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0037960.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0037961.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0037962.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0037963.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0037964.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0037965.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0037966.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0037967.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0037968.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0037969.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0037970.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0037971.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0037972.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0037973.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0037974.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0037975.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0037976.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0037977.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0037978.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0037979.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0037980.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0037981.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0037982.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0037983.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0037984.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0037985.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0037986.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0037987.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0037988.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0037989.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0037990.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0037991.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0037992.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0037993.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0037994.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0037995.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0037996.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0037997.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0037998.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0037999.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0038000.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0038001.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0038002.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0038003.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0038004.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0038005.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0038006.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0038007.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0038008.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0038009.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0038010.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0038011.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0038012.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0038013.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0038014.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0038015.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0038016.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0038017.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0038018.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0038019.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0038020.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0038021.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0038022.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0038023.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0038024.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0038025.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0038026.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0038027.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0038028.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0038029.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0038030.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0038031.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0038032.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0038033.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0038034.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0038035.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0038036.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0038037.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0038038.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0038039.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0038040.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0038041.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0038042.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0038043.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0038044.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0038045.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0038046.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0038047.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0038048.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0038049.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0038050.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0038051.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0038052.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0038053.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0038056.exe Infected: not-a-virus:AdWare.Win32.180Solutions.am skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0038057.exe Infected: not-a-virus:AdWare.Win32.2Search.h skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0038058.exe Infected: not-a-virus:AdWare.Win32.2Search.h skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0038059.exe/data0001.cab/VVSN.exe Infected: not-a-virus:AdWare.Win32.SaveNow.z skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0038059.exe/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.z skipped
C:\System Volume Information\_restore{75363626-FE62-4076-B5FE-E43AAA802639}(2)\RP344\A0038059.exe Embedded CAB: infected - 2 skipped
C:\WINDOWS\CSC\00000001 Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Downloaded Program Files\cssweb.dll Infected: not-a-virus:AdWare.Win32.CSSWeb.b skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{8445C4EF-87B8-497D-8D40-C2FC20874395}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd9773.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_2d0.dat Object is locked skipped
C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.



